Wireshark
3.4.3
What is Wireshark for Mac
Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it it still under active development.
Wireshark has a rich feature set which includes the following:
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting
- The most powerful display filters in the industry
- VoIP analysis
- Live capture and offline analysis are supported
- Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others
- Capture files compressed with gzip can be decompressed on the fly
- Hundreds of protocols are supported, with more being added all the time
- Coloring rules can be applied to the packet list, which eases analysis
What's new in Wireshark
Version 3.4.3:
Bug Fixes
- wnpa-sec-2021-01 USB HID dissector memory leak.
- wnpa-sec-2021-02 USB HID dissector crash. Bug 17165.
- SIP response single-line multiple Contact-URIs decoding error
- Adding filter while "Telephony→VoIP Calls→Flow Sequence" open causes OOB memory reads and potential crashes.
- QUIC packet not fully dissected
- SOMEIP-SD hidden entries are off
- Problem with calculation on UDP checksum in SRv6
- Dark mode not working in Wireshark 3.4.2 on macOS
- Wireshark 3.4.0: build failure on older MacOS releases, due to 'CLOCK_REALTIME'
- TECMP: Status Capture Module messages shows 3 instead of 2 bytes for HW version
- Documentation - editorial error - README.dissector bad reference
- Cannot save capture with comments to a format that doesn’t support it (no pop-up)
- AUTOSAR-NM: PNI TF-String wrong way around
- Fibre Channel parsing errors even with the fix for
- f5ethtrailer: Won’t find a trailer after an FCS that begins with a 0x00 byte
- f5ethtrailer: legacy format, low noise only, no vip name trailers no longer detected
- Buildbot crash output: fuzz-2021-01-22-3387835.pcap
- Dissection error on large ZVT packets
- TShark crashes with -T ek option
Related articles
Join over 500,000 subscribers.
Subscribe for our newsletter with best Mac offers from MacUpdate.
(0 Reviews of )
There are no reviews yet
Jul 28 2019
Version: 3.1.0
Hey guys, was curious if there is anyone here that uses Homebrew, I had upgraded to Wireshark 3.1.0 via the cask command in brew, then they released an update that put it back to version 3.0.3, which I had initially. I was just curious why? Thanks
Jul 21 2017
Version: 2.4.0
Link is wrong, goes to old version.
correct 2.4 version https://2.na.dl.wireshark.org/osx/Wireshark%202.4.0%20Intel%2064.dmg
Nov 21 2015
Version: 2.0.0
Finally it has a native UI and doesn't require X11/XQuartz!
Oct 29 2015
Version: 1.12.8
Wireshark.org suggests that users of OS X try v2.0.0rc1, first. If it doesn't work for you, then try this version.
Mar 17 2015
Version: 1.12.4
This may possibly be of help to other new WireShark users who are having trouble getting WireShark to launch in Yosemite. Some of this has been shared before, but there is a little added twist at the end which worked for me.
I made repeated attempts to use both WireShark 1.12.4 and 1.99.3, but without success. Regardless of which version I used, WireShark keep freezing up during the initialization process.
In the initialization window, WireShark would get as far as "Loading module preferences", or about three quarters of the way done, and in the bottom of the window it would say "Please wait while Wireshark is initializing..."; and then freeze-up.
So I conducted some quick research on the web and discovered that I had to enter "sudo ln -s /opt/X11 /usr/X11" in the Terminal in order to restore a link an X11 link that Yosemite breaks. However, even that did not help.
Next, I reinstalled XQuartz 2.7.7. Again, that didn't help either.
Then I came across an online comment where someone stated that they typed "sudo wireshark" in the Terminal. Guess what? I don't know why, but it worked. The Terminal spit out the following, and then WireShark launched on my desktop:
void QCocoaMenu::insertNative(QCocoaMenuItem *, QCocoaMenuItem *) Menu item is already in a menu, remove it from the other menu first before inserting
void QCocoaMenu::insertNative(QCocoaMenuItem *, QCocoaMenuItem *) Menu item is already in a menu, remove it from the other menu first before inserting
void QCocoaMenu::insertNative(QCocoaMenuItem *, QCocoaMenuItem *) Menu item is already in a menu, remove it from the other menu first before inserting
void QCocoaMenu::insertNative(QCocoaMenuItem *, QCocoaMenuItem *) Menu item is already in a menu, remove it from the other menu first before inserting
22:01:58 Dbg plugin_dir: /Applications/Wireshark.app/Contents/PlugIns/wireshark
Now I can click WireShark's icon in the Dock, and it appears to be working fine.
Feb 14 2015
Version: 1.12.3
Wireshark on Yosemite
To get Wireshark working on Yosemite you will need to install X11 which may be found at:
http://xquartz.macosforge.org/landing/
and then make the following link:
$ sudo ln -s /opt/X11 /usr/X11
Sep 17 2014
Version: 1.12.0
Wireshark 1.12.1 is available fixing several security issues with DoS vulnerabilities in some of their parsers or dissectors.
Enjoy.
Apr 1 2013
Version: 1.8.6
Just for the record, when you start WireShark (1.9.2) in Mountain Lion, it offers to install an X11 system. If you say yes, it takes you to an Apple Support page which contains a link to the XQuartz project. You have to download and install it. Note that it gets installed in the Utilities folder inside the Applications folder.
When you start WireShark, it asks you to find X11. Navigate to Utilities folder and select XQuartz.
WireShark now freezes for a couple of minutes while it builds font caches - DON'T PANIC! Then the window appears.
More apps
Jamf Pro for MacSSL-Explorer Community Edition for MacCreateTorrent Widget for MaciServe for MacSplunk for MacAirfoil Source Selector for MacCocoa Packet Analyzer for MacMithra Wept Cartoons Widget for MacJOverNetCopy for MacProxifier for MacAC Milan News for MacSwift Share for MacTinySvr for MacShinobi Scanner for MacLocal Admin for MacCheetahWatch for MacFree
App requirements:
- Intel 64
- macOS 10.12.0 or later
License:
Free • Absolutely Free
Downloaded & Installed 182,410 times
Similar apps
Debookee
Analyze the information being sent over your network.
Is this app is similar to Debookee? Vote to improve the quality of this list.
Vote results
0
Upvotes
3
Total score
0
Downvotes
Cocoa Packet Analyzer
Network packet protocol analyzer.
Is this app is similar to Cocoa Packet Analyzer? Vote to improve the quality of this list.
Vote results
2
Upvotes
2
Total score
0
Downvotes
Webber
View all HTTP/HTTPS traffic during development.
Is this app is similar to Webber? Vote to improve the quality of this list.
Vote results
1
Upvotes
1
Total score
0
Downvotes
Charles
Java HTTP proxy and monitor.
Is this app is similar to Charles? Vote to improve the quality of this list.
Vote results
0
Upvotes
1
Total score
0
Downvotes
Airfoil
Send audio from any app to AirPort Express/Apple TV and more.
Is this app is similar to Airfoil? Vote to improve the quality of this list.
Vote results
0
Upvotes
1
Total score
0
Downvotes
New and Recently Updated
